
Re: Remotely exploitable bug in systemd (CVE-2017-9445)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, Jul 02, 2017 at 03:35:45PM +0300, Reco wrote:
> 	Hi.
> 
> On Sun, 2 Jul 2017 10:24:13 +0100
> Michael Fothergill <michael.fothergill@gmail.com> wrote:
> 
> > On 2 July 2017 at 09:26, Sven Joachim <svenjoac@gmx.de> wrote:
> > 
> > > On 2017-07-02 09:34 +0200, Pascal Hambourg wrote:
> > >
> > > > On 01/07/2017 at 23:19, Sven Joachim wrote:
> > > >> On 2017-07-01 16:36 -0400, Perry E. Metzger wrote:
> > > >>
> > > >>> Am I correct in interpreting this:
> > > >>> https://security-tracker.debian.org/tracker/CVE-2017-9445
> > > >>> as meaning a fix to it still isn't in sid, and therefore is not
> > > >>> yet in the process of percolating down to stretch?
> > > >>
> > > >> That seems to be correct.
> > >
> > 
> > Could this be exploited to force people to use sysvinit instead of systemd
> > ?
> 
> Hardly. This is a bug in an optional component disabled by default
> with sane alternatives existing.
> 
> Things like [1], on the other hand…

Yikes. That's a nice one. That means that an action by systemd on
user name "0day" is not refused but done as if the user "name"
was 0, i.e. root?

That reminds me of that fairy tale in which the hero has three
wishes, but they are fulfilled in such a non-obvious (and gruesome)
way that the last wish has to be used up to undo as much damage
from the first two as possible...

- -- t
> [1] https://github.com/systemd/systemd/issues/6237
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAllY7joACgkQBcgs9XrR2ka8IwCeNE92v0GOmQ+a5fGpG6AbMGCO
FncAmgPjfXwECZZfEXAP2Bgv+bw+Vt3w
=anj9
-----END PGP SIGNATURE-----

